BFSI

From Private Cloud to Hybrid: A BFSI Migration Pattern

Banks and NBFIs in Bangladesh do not move to public cloud overnight. The realistic path is hybrid — and the order of operations matters more than the destination.

Imtiaz Khan
·

Most BFSI customers we meet already run a private cloud — usually VMware on Tier-III colo. The interesting question is not whether to move to public cloud, but which workload, where, and in what order.

60+
Scheduled banks supervised by BB
Plus 30+ NBFIs
ICT 4.0
BB's current ICT Security Guideline cycle
BDT
Practical billing currency for almost all
USD ±
FX exposure that hyperscaler invoices add

A migration order that actually works

Four phases — skip Phase 1 and the rest take three years instead of eighteen months
1
Consolidate the existing private cloud Phase 1

One hypervisor (vSphere/KVM), one OIDC IdP, one IaC layer (Terraform), one CMDB

2
Move analytical and dev workloads Phase 2

Sandboxes, data lake (Iceberg/Parquet), ML training, dev/test envs

3
Add a sovereign IaaS for regulated data Phase 3

Customer data, channels, fraud detection, compliance reporting — BDT-billed

4
Selective public cloud Phase 4

Global CDN, frontier ML APIs, SaaS integrations, out-of-country DR

Typical phase durations in a successful BFSI hybrid programme
Phase 1: Consolidate
4 mo
Phase 2: Analytics/dev
3 mo
Phase 3: Sovereign IaaS
5 mo
Phase 4: Selective public
4 mo

Source: Cloud Digit BFSI engagements, 2023–2025; phases overlap in practice.

Steady-state workload distribution after a year in hybrid mode
Private cloud (core, regulated) Core banking, payments switch
45 %
Sovereign IaaS (customer data) Channels, fraud, reporting
28 %
Analytics / dev cloud Lake, ML, sandboxes
17 %
Public cloud (selective) CDN, SaaS, DR
10 %

Source: Composite of BFSI customers; weighted by VM-equivalent footprint.